Advisory Financial Services Client Story

Validating the Effectiveness of Security Training via a Phishing Simulation

A financial services Client mandates security awareness training across their organization on a regular basis. Our Client wanted to verify the effectiveness of their awareness training and evaluate the risk exposure of critical business units within the organization.

USA
Financial Services

Practice Areas
  • Phishing and Employee Awareness Campaigns


Our Client’s Challenge:

  • Phishing, a form of social engineering, is a common avenue by which an intruder can gain access to a company’s internal systems. An attacker who tricks employees into providing their credentials can leverage such accounts to perform damaging attacks.
  • Though security awareness training was mandated for all employees, our Client was unsure of the effectiveness of the awareness training and wanted to focus on a phishing simulation to align training knowledge to real-world outcomes.
  • In addition, our Client wanted to evaluate the risk exposure of critical business units within the organization which were more likely to be impacted by a phishing attack.

Our Approach:

  • Working closely with our Client, Security Compass designed and tailored a custom phishing simulation and email campaign that would test employee response to phishing.
  • General phishing campaigns were performed enterprise-wide on a periodic basis to measure improvements over time. The campaigns included phishing attacks delivered via email, text messages and phone calls.
  • In-depth spear phishing was performed on targeted individuals and business units to evaluate and measure the risk exposure of these critical areas.

The Result:

  • Security Compass helped benchmark our Client’s enterprise awareness of phishing, including measuring the effectiveness of anti-phishing security controls and employee response levels, and identifying the risk level of each campaign.
  • Dashboards were created to illustrate areas for improvement against industry benchmarks for phishing. Recommendations to reduce employee risk to phishing were provided.
  • We helped our Client verify which business groups were at highest risk from phishing attacks. Armed with the results of these phishing assessments, our Client was able to definitively target additional security awareness training towards the more vulnerable areas of the organization, helping minimize the future risk of phishing.

Armed with the results of Security Compass’s comprehensive phishing assessments via email, phone calls and text messages, our Client was able to definitively target additional security awareness training towards the more vulnerable areas of the organization to help minimize the future risk of phishing.
